Security
Feb 9, 2012
Jason Thompson
1 Comment

Ghost Domain Names?

The Internet Systems Consortium has an interesting article on what they are referring to as ghost domain names.  Apparently there is a DNS exploit which is directly linked to the way that the overall DNS protocol was designed.  This paragraph taken from the article explains more about the DNS exploit:

“To the best of our current knowledge, the extent of the exposure for users of BIND or other affected software is this: every resource record in the Domain Name System hierarchy has a time-to-live (TTL) value associated with it, intended to control how long the information in the resource record can be kept in cache by a non-authoritative server. Dr. Duan’s paper discloses a method whereby information can be prolonged in the cache beyond the period supposedly allowed by the TTL value, causing affected resolvers to potentially return incorrect answers. It does not allow arbitrary insertion, removal, or alteration of resource record data.”

Under the active exploits section of the article it states the following:

“No known active exploits, but the paper describing the issue is public and has been presented in public forums. The Ghost Names exploit might assist cyber-criminal activity.”

The part that caught my attention was the fact that the Ghost Names exploit could potentially assist cyber-criminals.  I don’t disagree with this notion, but I do have to admit that almost anything which is accessible on the Internet could assist cyber-criminals and does assist cyber-criminals.

The article ends with this as the solution:

“On further review, ISC has determined that this is not an issue which needs an immediate patch. The issue is being reviewed at the protocol level and will be addressed there. Implementing DNSSEC is the safest mitigation measure.”

Although they state it is something that doesn’t need to be immediately patched, its great that this article was published.  The article is based on the research of Dr. Duan and his associates.  This exploit was recently presented at the NDSS Conference earlier this week.

1 Comment

Leave a comment